>From what I have figured out. Flex stores to a local db file that is
accessible to any other flex app that is running on the local machine. Not
secure. The only way you are going to get it to be secure (from my
understanding) is to encrypt it yourself and develop a security routine
yourself. Syncing with the server is either handled on your own, or if you
use liveCycle or some other DTO with logic that does this automatically.
There are some good tutorials on doing this with Java and LiveCycles, but I
don't have much access to my server and don't know how to tell if I have
LiveCycles installed (or knowledge of Java) so I have been writing a custom
sync routine that happens whenever a record is saved that sends all unsynced
records ("UPDATED", "DELETED", "NEW") to the FDS gateway into a ColdFusion
Service. I am also going to use GUIDs to insure that the info is unique.
You'll want to clear the CCs out of your local SQLite db manually if you
intend to store it the way I'm doing it.If I'm wrong someone correct me. Scott From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of George Sent: Tuesday, January 15, 2008 1:33 PM To: [email protected] Subject: Re: [flexcoders] Adobe AIR Disconnected storage with Credit Cards For me I would never try to store sensitive private information anywhere as user don't know. I would ask to input credit cards information once again when getting back online. George Jeff Krueger wrote: > Paul, > > Thanks. Yes I was thinking about something close to that. Of course when the CC is entered you can do the check digit to make sure the number is valid. I have a good background in Flex all the way back to flex 1.5. I haven't started with AIR yet, but I am thinking so I put the CC into the value object and attempt to call my webservice to actually do the charge. I am looking for details about how the application handles the fact it can't get to the webservice. What is AIR doing being the scene to "save" that so it can resend it when a connection is available again. Yes if I encrypt the CC before putting it into the value object that helps, but I still have to answer the question for the auditors of where is the encrypted information stored. Is it purged after the connection is reestablished, etc. So in a perfect world maybe there is a flag for a field in AIR that if it has to store it for a temp time that it will encrypt it. I am just having > a hard time finding out the low level details of how this is supported (The store and forward). > > Thanks > > Jeff > >
<<image001.jpg>>
<<image002.jpg>>
